Pointers to interesting & useful information security, privacy & compliance info

I’ve been using Twitter for a couple of months now. I never saw the value of using Twitter before this time, and in fact had a completely different view of what it was “all about” until I actually started using it. I’m so glad I did! I’ve found it to be a very valuable communications tool, and I’ve made some wonderful new contacts and friends, from all over the world, through using it.


There definitely are information security and privacy issues to address through using it, though, and organizations need to make sure they have policies and practices implemented to cover them. More about those in another post.

For now I wanted to preserve for easy reference, and for you to see and use as well, *some* of the pointers (I removed the chit-chat) I’ve tweeted over the past couple of weeks that I want to remember…in reverse chronological order (from April 10 back to March 23); remember, tweets are limited to 140 characters or less…

  • @tolzak Wombat also has good anti-phishing stuff; http://wombatsecurity.com/ The folks from CMU who created the products are very sharp!
  • RT @MyLaptopGPS Woman watches LIVE on Internet as thieves rob her home. Calls police, and they show up to bust! http://cli.gs/dn74eh
  • Music list kinda like fingerprints! RT @DMRegister iPod playlist helps Des Moines police nab robbery suspect: http://tinyurl.com/c9xt34
  • Very mobile; pretty cool: “Encryption device gets NSA Type 1 cert” http://tr.im/iz6j
  • @drinfosec I find interesting that oftentimes “FUD” really isn’t FUD & oftentimes “research” really is FUD! Like stats,open 2 intrprtation
  • Interesting list for the U.S.: “Who tweets in government?” http://tr.im/iyXh
  • Cool poster & good info for privacy awareness week RT @PrivacyNow Privacy Protecting Not Preventing poster http://tinyurl.com/c7dqkr
  • I’m speaking at Infotec09 next week; will you be there? http://www.infotec.org
  • Call monitoring mandate “Mexico: Communications and Electronic Information – Law on Database of Mobile (Cell) Phone Users” http://tr.im/ix7a
  • @kentonsmith Yes!CVS is good example of how poor disposal can cost millions: http://tr.im/iwDp Folks need to use common sense at home & work
  • Photo shows him w/conf. info n clearview “Scotland Yard Official Resigns After Compromising Al Qaeda Terror Investigation” http://ow.ly/2sRX
  • Email incident example: “Oops! Obama’s press office has an e-mail snafu ” http://tinyurl.com/d29py7
  • Blog post about virtual worlds (NOT virtualization): “You aren’t in Kansas anymore, ToTo…you’re in virtual Kansas!” http://tr.im/iwiL
  • Good to use for case studies: RT @mattputvinski nice story last night on identity theft http://www.cnbc.com/id/1933…
  • Employer looking at employee’s personal email account; PRT @bnatechlaw 4th Circuit Hands Down Important Privacy Decision http://bit.ly/4YUn3
  • Olympics drug testing practices violate privacy: “Doping-WADA “whereabouts” rule breaks EU laws” http://tr.im/ivo0
  • Stronger security controls to address insider threats could reduce these: “Recession Increases Insurance Fraud” http://tr.im/ivnv
  • Native American Freedom Foundation check scam & identity theft scheme targeting Native Americans; 2:43 min video http://tr.im/ivlM
  • Strong encryption is restricted: “US criticises India’s encryption norms on telecom products” http://tr.im/ivmW
  • RT @rcalo ACLU of NC’s primer, Privacy & Free Speech: It’s Good For Business, now in html. http://twurl.nl/q68gdt Pl RT!
  • RT @PrivacyNow privacy act to be introduced in Malaysia http://tinyurl.com/cbtlxx
  • Squatter or privacy violation? PRT @stejules Twitter employee hands over personal details of @Skype registrant to Skype http://ow.ly/2nSY
  • Via @LegalGRC Learn about data mapping for legal, IT, e-discovery & records management pros at a free webinar: http://tinyurl.com/legalITRIM
  • The amazing brain! “The Neuroscience of Yoricks’s Ghost and Other Afterimages” http://tr.im/irJe
  • Blog post: “Measuring The Effectiveness of Information Security & Privacy Awareness & Training” http://tr.im/irU4
  • “Twitter could spell privacy fears” http://tr.im/irFj Twitter isn’t considered private anyway. Twitter is a world stage; post using sense!
  • Privacy issues in each: PRT @s0tet ZDNET blog: “Microsoft’s intelligence security report – top 5 takeaways” http://tinyurl.com/c3fsfx
  • In Hawaii, cleartext PII on Dept of Transportation stolen laptop: “License holders alerted to theft” http://tr.im/iret
  • Interesting Richard Clark Good Morning America interview (~2 min video): “Spies Penetrate U.S. Power Grid” http://tr.im/ir68
  • From Canada; nice! RT @PrivacyPrivee Google Streetview and street imaging services? We’ve got a fact sheet! http://tinyurl.com/c92pru
  • Cintas ee’s #privacy: “U.S. Supreme Court Affirms Lower Court’s Ruling That UNITE HERE Violated Federal Privacy Laws” http://tr.im/ioz3
  • Why isn’t common sense more common in gov’t? PRT @ChuckGrassley Video on idling federal vehicles. http://tr.im/iott
  • Good idea; let’s all warn our local gov’ts! PRT @windexh8er Harvesting SSNs from land records for fun and profit: http://tr.im/inPq
  • Blog post: “#Privacy Breach Lesson: #Encrypt Mobile Digital #PII!” http://tr.im/intd
  • Quick, easy, painless, interesting: RT @angelinaward How do YOU read ebooks? (take poll and add comments): http://bit.ly/15JZei Please RT!
  • The brain is fascinating! “Two Patients Mysteriously Switch from Right- to Left-Handed After Double Hand Transplants” http://tr.im/inwC
  • A step past dashcams US police use: RT @greg450318 #sectorprivate Google Street View gives UK police a mean idea http://tinyurl.com/d5lkex
  • low-tech #insider_threat example: “Fort Madison woman gets 3 years for forging signatures” http://tr.im/int0
  • #surveillance: “Blair, Gates sign memo to build spy satellite network” http://tr.im/insb
  • Can a single point of failure be completely eliminated? We shall see: “NIST ramps up work on standards for a Smart Grid” http://tr.im/inrT
  • March IEEE Women in Engineering Newsletter; interesting for men to read too! 🙂 http://tr.im/inrz
  • A short listen with some good points: RT @rcalo My radio appearance on KCBS, FM 106.9 re: Google Street View. http://bit.ly/ts9U0
  • Blog post: “What Corporate Business Leaders Need To Know About Data Protection” http://tr.im/ik0s
  • I worked with ENISA to write “Obtaining support and funding from senior management while planning an awareness initiative” http://tr.im/ijMx
  • In June, ENISA Conf: ‘The growing requirement for information security awareness across public and private organisations’ http://tr.im/ijMR
  • RT @BrianHonan New E-discovery rules for Ireland Courtesy of TJ McIntyre’s Blog http://bit.ly/IST3H
  • #privacy Not new, but being used more: “Airport Body Scans Reveal All” http://tr.im/ii3E I want to see PIA to confirm 0 storage capability!
  • PRT @ITCompliance Society of #PCI’s Dr. Heather Mark offers 17pg analysis of Congressional #cybercrime hearings: http://bit.ly/13OxEK
  • @Tosk59 Yes, these types of bills will continue. But such wrongthinking is nothing new; remember US gov’t’s Clipper Chip? http://tr.im/ig13
  • @rcalo Will it be recorded & posted online? FYI, 4 some more thoughts on this see http://tr.im/ifBI, http://tr.im/ifBw & http://tr.im/ifBG
  • Blog post, with info from yesterday’s tweets! “Pros & Cons Of Surveillance Cameras For Compliance” http://tr.im/icet
  • 1st chptr, “What Corporate Business Leaders Need to Know About Data Protection,” of my new ebook now available 4 download! http://tr.im/ichT
  • I’m in rural Iowa & got “fast” wireless 3 yrs ago: “Verizon: Fast, wireless Internet coming to rural America” http://tr.im/icj8
  • Call for public comment in Australia: “Privacy Update – 3 April 2009 – Surveillance laws: in focus in Victoria” http://tr.im/icgx
  • “Foreign and Commonwealth Office plans biometrics bonanza for embassy security systems” http://tr.im/icg5
  • From mainstream ABC news: “Top 5 Famous Computer Hackers: From Conficker to the First Computer Virus” http://tr.im/i9Pt
  • Blog: “Ongoing Awareness Communications & Regular Training Necessary For Effective Information Security & Privacy Programs” http://tr.im/i9Jh
  • @Yanick2k …I recently blogged about mischief using others’ license plate images http://tr.im/i9te A great topic for indepth discussion!
  • @drinfosec Oh, it’s for meters? I thought it was for a parking lot/ramp; I see now it is not http://tr.im/i9qN Interesting info on ther site
  • From ISACA, but NOT for internal auditors only: “An Introduction to the Business Model for Information Security” http://tr.im/i9mz
  • Good new OECD publication with a worldwide perspective: “Online Identity Theft” http://tr.im/i9jH
  • RT @angelinaward Save 40% on select #InfoSec books with the @Syngress Stimulus Plan! http://bit.ly/RpgWR Please RT!
  • RT @randyvanderhoof SCA Annual Conference @ additional 10% off until Apr 3. Pass it along. Discount code: TWITTER http://tinyurl.com/scaa09
  • PRT @ITCompliance Courts turn aside #databreach suits: Class action suits based on data breaches… Video: http://tinyurl.com/c5nhog
  • RT @drinfosec CBS 60 Mins Conficker video had photo of “Russian hackers” in reality Finnish kids http://tinyurl.com/cgz4fw (via @sjj141)
  • Article logic: since they created PCI DSS blame them for credit card breaches: “Visa, MasterCard In Security Hot Seat” http://tr.im/i68h
  • RT @tolzak New Blog Entry: Small botnets more effective at stealing your data? http://tinyurl.com/d22sjy
  • RT @benrothke Check out the Cloud Security Alliance – www.cloudsecurityalliance.org – I am one of the contributors
  • #awareness; includes a scam watch: “New FTC Web Site Helps Consumers Cope With Tough Economic Times” http://tr.im/i5Vs
  • So many ways this ID theft could have happened: “An 11-Year-Old With Bad Credit? Mother Fights for Son’s Identity” http://tr.im/i5vY
  • This could get very mean & will likely lead to lawsuits: “How Does the Internet Rate You?” http://tr.im/i5vr
  • Sued for tweets: “Courtney Love’s ‘Malicious’ Twitter Rants Revealed” http://tr.im/i5uO
  • Full name, birthdate & gender collected when making airline reservation: “TSA’s Secure Flight Begins Vetting Passengers” http://tr.im/i3x3
  • Blog post: “HIPAA Sanctions and Convictions Will Increase with HITECH Act & New Administration” http://tr.im/i2Yf
  • PRT @ITCompliance Panels describe risks of noncompliance w/MA #dataprotection law: http://bit.ly/dnr5
  • From the U.S. Law Library of Congress: “Legal Blawgs by Topic” http://tr.im/i2Z0
  • I’m interested! To which law do you refer? The article implies Belgium’s (ref’d in http://tr.im/i2T0); EU Data Protection Directive? Other?
  • #privacy in the UK: “Gateway reviews of Home Office ID cards programme: Updated 19th March 2009” http://tr.im/i2I5
  • #privacy: RT @bbcnews The EU warns internet firms to make better efforts to protect their consumers’ information http://tinyurl.com/dzn4dn
  • Des Moines police had 101 cases in Jan/Feb, up from 53 same time in 2008: “Economy antes up Internet scams, other crimes” http://tr.im/i2AT
  • DHS = U.S. Dept of Homeland Security: “DHS Releases Conficker/Downadup Computer Worm Detection Tool” http://tr.im/i2vC
  • Shuld identities be protected when damaging false accusations r made? “Couple Inches Closer to Unveiling Anonymous Posters” http://tr.im/i2ar
  • RT @greg450318 Prof William Deresiewicz on “The End of Solitude” CBC Spark http://tinyurl.com/db9w92
  • Curiosity is a significant type of insider threat to privacy: “Hospital: 15 fired for looking at octuplet mom’s file” http://tr.im/i25y
  • Why Twitter “frightens” Bill O’Reilly; video clip from The View http://tr.im/i0wc
  • Interesting report from the UK: PRT @sirjester I have access to more personal information than… (PDF) http://tinyurl.com/yk2hau
  • “FTC Charges Dish Network, Formerly Known as EchoStar, with Multiple Do Not Call Violations” http://tr.im/hZzI
  • “FTC Testifies on Efforts to Protect Consumers of Financial Services; Urges New Tools for Stronger Enforcement Authority” http://tr.im/hZzU
  • A very brazen insider threat example: http://tr.im/hYkX
  • Good infosec & privacy awareness prize idea, also just good to have, & on sale! http://tr.im/hVJP Thx 2 my son Heath for finding it! :)…
  • Finishing chapter 2 of my new ebook, “Understanding Data Protection from Four Critical Perspectives” Gotta focus and submit today!
  • Blog post: “Don’t let differing authority levels damage info sec, privacy & compliance collaboration” http://tr.im/hSMu
  • Warn your folks: new phishing scam many will fall for; “DHL Tracking number #BXB8E73726TMFZ6” in subject line; virus in zip attachment
  • $500/mo to maintain security program for 10-person acctg firm? hmm: “Clock ticks as firms scramble to boost data security” http://tr.im/hQQi
  • RT @drinfosec Google Docs loophole allows access to embedded pics in protected doc (even if deleted) http://tinyurl.com/c866ca
  • Blog post: “Carnegie Mellon’s CyLab Is A Great Resource” http://tr.im/hPSE
  • 3 of 5 national verification systems do not exist: “States see IT, other delays costing them on Real ID” http://tr.im/hPAy
  • Tried new running socks;Powersox APF, grade: C; Too hot, prickly feel under arches, seams create 2 much bulk.Still love my Wrightsocks best.
  • RT @greg450318 @PrivacyProf Google D.C. Talks 09/2008: Cloud Computing – x-brdr laws @40min+ BC & NS mention http://tinyurl.com/d4agkn
  • @ITCompliance FYI there are 47 US breach notice laws: 44 states + 2 territories + DC http://tr.im/hN8Y
  • Blog post: “Many Motivators For Identity Theft” http://tr.im/hMR9
  • For MA #encryption (#identity_theft prevention) law: “Frequently Asked Questions Regarding 201 CMR 17.00” http://tr.im/hMLT
  • Bring back memories for any of you? 🙂 RT @DMRegister Food fight! 20 students suspended after Dubuque sloppy-joe incident: http://tr.im/hMHw
  • RT @greg450318 “Start treating each employee like a record manager” http://tinyurl.com/c8cybq
  • People steal PII for many reasons; a unique identity theft motivation: “Cops: Woman Sought for Stealing Breast Implants” http://tr.im/hLcB
  • My New articles: RT @ITCompliance New tip: #HIPAA enforcement & more government #audits leading to more convictions: http://bit.ly/ubb97
  • Obama’s Chief Techie:Big Plans & Old Shoplifting Rap Vivek Kundra:Friends Say He’s Super-Smart, But He Once Stole 4 Shirts http://tr.im/hK4I
  • Non-tech privacy breach; many r from hard copy incdnts: “Mass. General paperwork for 66 patients lost on Red Line train” http://bit.ly/lOhow
  • Blog post: “There Are 47 US State & Territory Breach Notice Laws: 1-Page Listing” http://bit.ly/OKwht
  • 12 months probation + 100 hrs com svc for snooping Obama’s: “Former employee sentenced for accessing passport files” http://bit.ly/qxDJq
  • Good read! RT @rcalo Beth G. flagged this incredible story of identity theft. Via SF Gate. http://tinyurl.com/c7ljnk
  • Most large orgs & many SMBs have an ethics & compliance office; an org w/great ethics & compliance info is ECOA, http://www.theecoa.org/
  • @jolly Speaking of robots PRT @sciam Rise of the Robots–The Future of Artificial Intelligence: orig printed in.. http://tinyurl.com/dlrdvt
